locking down Apache to localhost - apache

Having recently moved from Win XP (x86) to Win 7 (x64), I have also had to reinstall Apache. I have installed the 64 bit versions of Apache (2.4.3) and PHP (2.4).
I installed it to c:\Apache24.
I have got it up and running, but now I need to lock it down to my local PC only.
If I have:
<Directory "c:/Apache24/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3 apparently:
Require all granted
</Directory>
this works fine, but if I change it to:
<Directory "c:/Apache24/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from 127.0.0.1
# New directive needed in Apache 2.4.3 apparently:
Require all granted
</Directory>
(or 'Allow from Localhost' or 'Allow from 192.x.y.z')
I get an access denied error. How can I get round this?
Everything is installed using my login, which has full local admin rights.

Replace
Order allow,deny
Allow from all
Require all granted
by just
Require local
More: http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html

One approach is to add Listen to httpd.conf:
Listen 127.0.0.1:80
Remember to remove the other Listen directives, if there are any other.
Note that this will lock down the entire server so it only responds to requests from localhost. If you need to fine-tune permissions on a directory-by-directory basis, use the <Directory> syntax:
<Directory /var/www/secure>
Require local
</Directory>
The above is for Apache 2.4, where Order, Allow, and Deny are deprecated.
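The question's block mixes 2.2-style Order/Allow lines with a 2.4 Require line, while the answers use Require alone. The following audit script is an added example, not part of the original posts: it parses `<Directory>` blocks and labels each one by the kind of access directives it contains. The sample configuration, the label strings and the function names are constructed for illustration.

```python
import re

# Constructed sample (not a real server's config): the question's mixed block,
# the Apache 2.4 answer's block, and a WAMP-style 2.2 block opened to everyone.
SAMPLE_CONF = """\
<Directory "c:/Apache24/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from 127.0.0.1
    Require all granted
</Directory>
<Directory /var/www/secure>
    Require local
</Directory>
<Directory "c:/wamp/apps/phpmyadmin/">
    Order Deny,Allow
    Allow from all
</Directory>
"""

OPEN_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.IGNORECASE)
CLOSE_RE = re.compile(r'</Directory\s*>', re.IGNORECASE)
# \b keeps "AllowOverride" from being counted as a legacy "Allow" directive.
LEGACY_RE = re.compile(r'(Order|Allow|Deny)\b', re.IGNORECASE)


def parse_directory_blocks(conf_text):
    """Map each <Directory> path to its directive lines (nesting not handled)."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = " ".join(raw.split())          # trim and collapse whitespace
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            current = opened.group(1)
            blocks.setdefault(current, [])
        elif CLOSE_RE.match(line):
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def audit_block(directives):
    """Return labels describing the access-control directives in one block."""
    lowered = [d.lower() for d in directives]
    legacy = [d for d in lowered if LEGACY_RE.match(d)]
    require = [d for d in lowered if d.startswith("require ")]
    findings = []
    if legacy and require:
        findings.append("mixes-2.2-and-2.4-directives")
    elif legacy:
        findings.append("legacy-2.2-directives-only")
    if "require all granted" in require or "allow from all" in legacy:
        findings.append("contains-grant-to-all")
    if require and not legacy and all(d == "require local" for d in require):
        findings.append("local-only")
    if not legacy and not require:
        findings.append("no-access-rule")
    return findings


def audit_config(conf_text):
    """Audit every <Directory> block in the given configuration text."""
    blocks = parse_directory_blocks(conf_text)
    return {path: audit_block(lines) for path, lines in blocks.items()}


if __name__ == "__main__":
    for path, findings in audit_config(SAMPLE_CONF).items():
        print(f"{path}: {', '.join(findings)}")
```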

Related

httpd (apache server) on fedora, symbolic links work but unable to see/access files inside?

I'm running httpd on fedora server 35 and want to use it to serve files on my local network. It works fine for files stored under the /var/www/html directory directly (e.g. /var/www/html/videos/video.mp4 can be accessed with http://IP/videos/video.mp4 on any local device).
I want to serve files stored in other locations in the file system. My plan was to create symbolic links to those locations. When I do that, I run into forbidden errors when trying to access the files (e.g. A video file /files/videos/video.mp4 linked with a sym link /var/www/html/videos-link -> /files/videos/ so that I would (theoretically) access it with http://IP/videos-link/video.mp4
I can navigate to http://IP/videos-link fine (an Index of DIRECTORY page, but no files are listed), but trying to access the file (http://IP/videos-link/video.mp4) gives me 403 forbidden.
My config (/etc/httpd/conf/httpd.conf) looks like this (it's a bit messy since I've been trying to fix this myself):
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www">
Options +FollowSymLinks +Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
...
<Directory "/files/videos">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In attempts to make it work I've made sure the sym link and all the directories have the same owner and that they're all 777 so ownership/read perms shouldn't be an issue. Would greatly appreciate some help, thanks.
My issue was with SELinux. To get it working immediately I was able to set SELinux to permissive mode with
# setenforce 0
That refreshes on boot and is probably insecure, so the permanent fix (to just let httpd through) would be:
# semanage permissive -a httpd_t
More details on SELinux in Fedora can be found here: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/

Apache 2.4 permissions issue

I have Apache 2.4 installed using Homebrew on my Mac. The following does not work, it allows access to the entire filesystem:
<Directory />
AllowOverride None
Require all denied
</Directory>
If I enable access_compat_module then change the above block to the block below, it works as expected. I didn't make any other changes to httpd.conf.
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
I thought these were equivalent but clearly something is not working. I have authz_core_module enabled in both cases. Any ideas what I am doing wrong? Thanks.
If you only want to share '/path/to/share', then you do not need to touch
<Directory />
Instead, update the
<Directory "/Library/WebServer/Documents">
block so that it reads:
<Directory "/Library/WebServer/Documents">
Options FollowSymLinks Indexes
MultiviewsMatch Any
AllowOverride None
Require all granted
</Directory>
Then you can create a soft link under /Library/WebServer/Documents that points to /path/to/share, and give /path, /path/to and /path/to/share enough permission to make it accessible from
http://<your domain name>/
This is the system-level way to share a particular directory.
There are also other ways to share a particular directory on your server, e.g. Alias, or at user level:
http://<your domain name>/~<username>

using flask virtualenv on remote host (not locally)

I have a CentOS 7 WSGI-enabled Apache httpd server (on a VirtualBox machine) and it serves my developing Flask site at http://www.myflask.com on port 80.
Since I can't debug there (even though I tried everything I could), like I can on a local version set up in a virtualenv at http://127.0.0.1:5000, I was trying to do this:
setting up a virtualenv (with flask installed) on the VB server, called myflaskv (/var/www/myflaskv)
putting myflask dir into myflaskv (/var/www/myflaskv/myflask)
I ended up with the following httpd.conf virtual host section:
<VirtualHost *:80>
DocumentRoot "/var/www/myflaskv/myflask"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/myflaskv/myflask">
Options Indexes FollowSymLinks MultiViews
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias / /var/www/myflaskv/myflask/index.wsgi
ServerName www.myflask.com:80
</VirtualHost>
I can load the page http://www.myflask.com (even with virtualenv activated) but I can't load the page http://www.myflask.com:5000 as I would suppose to debug.
So I tried to add a virtualhost on port 5000:
<VirtualHost *:5000>
DocumentRoot "/var/www/myflaskv/myflask"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/myflaskv/myflask">
Options Indexes FollowSymLinks MultiViews
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias / /var/www/myflaskv/myflask/index.wsgi
ServerName www.myflaskv.com:5000
</VirtualHost>
supposing that this way I could load http://www.myfaskv.com, and instead I can't (ERR_CONNECTION_REFUSED).
By the way, I temporarily deactivated iptables and SELinux.
So is there a way to load the 127.0.0.1:5000 IP address of a remote host from a browser?
Or is there a better way to debug Flask in a WSGI Apache dev environment?
If you want to access the url from outside the box, you will have to run the server at 0.0.0.0:5000.
The url http://127.0.0.1:5000 cannot be accessed from outside the box you are running it in.
When you use wsgi to access your app, the error messages and stack traces are written to the web server error log, by default at /var/log/apache2/error.log. You don't need to use the virtualenv web server. Just write any debug output you need to a local log file (if you have debugging input you want to print) and look for the stack traces in the apache error log.

WAMP error: Forbidden You don't have permission to access /phpmyadmin/ on this server

I am new to WAMP and I have just installed it today.
The setup went well and localhost seems to work, but when I try to access phpMyAdmin I get this error:
Forbidden
You don't have permission to access /phpmyadmin/ on this server.
Why do I get this permission access error with phpMyAdmin?
I am using Windows 7.
Change the file content of c:\wamp\alias\phpmyadmin.conf to the following.
Note: You should set the Allow Directive to allow from your local machine for security purposes. The directive Allow from all is insecure and should be limited to your local machine.
<Directory "c:/wamp/apps/phpmyadmin3.4.5/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Allow from all
</Directory>
Here my WAMP installation is in the c:\wamp folder. Change it according to your installation.
Previously, it was like this:
<Directory "c:/wamp/apps/phpmyadmin3.4.5/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
Modern versions of Apache 2.2 and up will look for an IPv6 loopback instead of an IPv4 loopback (your localhost).
The real problem is that wamp is binding to an IPv6 address. The fix:
just add Allow from ::1 - Tiberiu-Ionuț Stan
<Directory "c:/wamp22/apps/phpmyadmin3.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from localhost 127.0.0.1 ::1
</Directory>
This will allow only the local machine to access local apps for Apache.
Restart your Apache server after making these changes.
You have to just check whether your WAMP server is online or not.
To put your WAMP server online, follow these steps.
Go to your WAMP server notification icon (in the task bar).
Single click on the WAMP server icon.
Select last option from the menu, that is, Put Online
Your server will restart automatically (in the latest versions only). Otherwise, you have to restart your server manually.
And you are DONE...
If you're using WAMP with Apache 2.4.2 or greater, you need to use Require all instead of Allow and remove Order Deny,Allow:
<Directory "f:/Projects/myproject/www/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
*as stated in this blog post
Just use 127.0.0.1 instead of localhost (no changes to the configuration file are required).
System:
Windows 7
wampserver2.2d-x64
This works:
http://127.0.0.1/phpmyadmin/
This one fails:
http://localhost/phpmyadmin/
I just had the same problem. It turns out that my installation of Windows is using the IPv6 address ::1 instead of 127.0.0.1. To solve this, I opened httpd.conf and changed the following line:
Allow from 127.0.0.1
to:
Allow from 127.0.0.1 ::1
Now I can access the server through localhost. Whatever you do, don't remove the Deny from all from the line above, or anyone on your network can gain access to your web server (unless that's what you want of course).
If you are on Windows 7 or 8 then Apache might be seeing the connections coming from "::1" which is the IPv6 equivalent of 127.0.0.1.
You can check this by looking in the Apache Access Log (reachable from the WAMP menu)
::1 - - [20/Dec/2012:21:35:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 213
The ::1 at the start is the clients address. The 403 at the end is the Access Denied code.
The answers above will remove all restrictions and open phpmyadmin to all, but if you still want to restrict phpmyadmin to your machine only (generally a good idea) then under the line...
Allow from 127.0.0.1
..add the following:
Allow from ::1
(edit: Added suggestion from Nukeface)
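The access-log check described in the answer above can be scripted. This is an added example, not part of the original posts: it reports loopback clients that were denied on the protected path (the allow list is missing an address such as ::1) and, from the defender's side, non-loopback clients that were served it (the restriction is not in effect). Apart from the first log line, the sample lines, the `/phpmyadmin` prefix default and the function names are constructed.

```python
import ipaddress
import re

# Constructed access-log lines (common log format). The first is the line quoted
# in the answer above; the others are made up to exercise the remaining cases.
SAMPLE_LOG = """\
::1 - - [20/Dec/2012:21:35:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 213
127.0.0.1 - - [20/Dec/2012:21:36:10 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 5120
192.168.1.23 - - [20/Dec/2012:21:40:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 5120
192.168.1.23 - - [20/Dec/2012:21:41:15 +0000] "GET /index.html HTTP/1.1" 200 312
::ffff:127.0.0.1 - - [20/Dec/2012:21:42:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 213
this line is not a log entry
"""

# client, ident, user, [timestamp], "METHOD path ...", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')


def is_loopback(client):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback; None if not an IP."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return None                      # a hostname or malformed field
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:127.0.0.1 -> 127.0.0.1
    return addr.is_loopback


def review_access(log_text, protected_prefix="/phpmyadmin"):
    """Split requests for the protected path into the two cases worth a look."""
    result = {"loopback_denied": [], "remote_allowed": []}
    for line in log_text.splitlines():
        parsed = LINE_RE.match(line)
        if not parsed:
            continue                     # skip lines that are not log entries
        client, path, status = parsed.group(1), parsed.group(2), int(parsed.group(3))
        if not path.startswith(protected_prefix):
            continue
        local = is_loopback(client)
        if local is True and status == 403:
            # The local machine was refused: the allow list lacks this address.
            result["loopback_denied"].append((client, path))
        elif local is False and 200 <= status < 400:
            # Another host was served the protected path: it is not local-only.
            result["remote_allowed"].append((client, path))
    return result


if __name__ == "__main__":
    for kind, hits in review_access(SAMPLE_LOG).items():
        print(kind, hits)
```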
Change
Listen 80
to
Listen 127.0.0.1:80
in your httpd.conf file. It will bind Apache to a specific IP address and port.
I found that using localhost would not work properly to allow local access from the server. I had to use 127.0.0.1.
In phpmyadmin.conf this did not work:
Deny from all
Allow from localhost
this did work:
Deny from all
Allow from 127.0.0.1
I am using WampServer Version 2.2
For Apache 2.4.2:
In httpd.conf:
Change
Require local
to
Require all granted
I wanted to run my server online and not under localhost / 127.0.0.1 and had the forbidden message. I am running the WAMP 2.2 server (Apache 2.4.2 / PHP 5.4.3 / MySQL 5.5.24) on Windows 7 64 bit. What worked for me is the following:
Press the startup WAMP icon in the menu
Choose Apache folder
Choose the file httpd.conf
Under the Directory tab section (section with "# Online --> Require all granted" text), I had the "Require local" option which I changed to "Require all granted"
Restart all services of the WAMP
Again, it worked for me and from this thread I understand that there are many cases in which you may get the above error message so if mine does not work, try other solutions.
Good luck.
(I hope it helps someone like it helped me. I did not find any one of the solutions above working for me.)
1. Change D:\wamp\bin\apache\apache2.4.9\conf\httpd.conf near line 279
Require local
into
Require all granted
2. Change like this in D:\wamp\alias\phpmyadmin.conf from the existing one
<Directory "d:/wamp/apps/phpmyadmin4.1.14/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
Order Deny,Allow
Allow from all
</Directory>
3. Click to Restart All services in WAMP.
4. Click Put Online in WAMP.
5. Again click to Restart All services in WAMP.
Hope it helps.
I fixed that problem before. It can happen due to many reasons, so you can use some or all of the next steps (opening mentioned files using any text editor, like Notepad++).
If you install WAMP in C:\wamp
1- Open file C:\wamp\bin\apache\apache2.2.22\conf\httpd.conf
Note: you may have a different Apache version than Apache 2.2.22, so you need to write it instead.
Search for: Directory "C:/wamp/www/". You will find something similar to this:
<Directory "C:/wamp/www/">
# maybe there is some comments here ...
AllowOverride all
Order Allow,Deny
Allow from all
</Directory>
Be sure that Allow from all exists and is not commented out.
2- Open file C:\wamp\alias\phpmyadmin.conf.
Make sure that
<Directory "C:/wamp/apps/phpmyadmin3.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
Change Allow from 127.0.0.1 to Allow from all.
You can remove Deny from all or comment it out by adding # at the beginning of the line, but you have to make sure that Allow from all is the last line of code just before </Directory>.
Note: you may have a different version than phpMyAdmin 3.5.1.
To use localhost/phpmyadmin instead of 127.0.0.1/phpmyadmin:
Open file C:\wamp\bin\apache\apache2.2.22\conf\extra\httpd-vhosts.conf. Add the following at the end of it.
<VirtualHost *:80>
DocumentRoot "C:/wamp/www"
ServerName localhost
</VirtualHost>
The simple solution to this would be to find phpmyadmin.conf file and then find below code inside it,
<Directory "c:/wamp/apps/phpmyadmin3.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
Change "Deny from all" to "Allow from all".
OR
Follow below link to get better understanding on how to do it,
WAMP says Forbidden You don't have permission to access /phpmyadmin/ on this server Windows 7 or 8
Enjoy :)
If WampServer works in the computer it is installed but not on another device in your network (e.g.: from your phone) with the 'You don't have permission to access on this server.' try the following.
1. Edit the httpd-vhosts.conf (C:\wamp64\bin\apache\apache2.4.33\conf\extra\httpd-vhosts.conf), so it looks like this:
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
2. Edit the phpmyadmin.conf (C:\wamp64\alias\phpmyadmin.conf), so it looks like this:
<Directory "d:/wamp64/apps/phpmyadmin4.7.9/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride all
Order Deny,Allow
Allow from all
Require all granted
</Directory>
3. Restart WampServer services
For Apache 2.4.2 the solution is:
in httpd.conf on line 265 change Require none to Require all granted.
That's all.
I had commented out the ::1 line in my hosts file.
Even I faced the same issue with my domain. If I gave an IP address it was working. But with a domain name it was not.
Then I checked my DNS A record. The domain had multiple entries with different IP addresses assigned. I removed all the wrong values, and it worked. Just one more check list if anyone faces a similar issue.
Just edit the file "c:\wamp\alias\phpmyadmin.conf"
like this
<Directory "C:/wamp64/apps/phpmyadmin4.5.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
In WAMP 3.1.4 x64 I solved updating the file C:\wamp64\alias\phpmyadmin.conf from this:
Alias /phpmyadmin "c:/wamp64/apps/phpmyadmin4.8.3/"
<Directory "c:/wamp64/apps/phpmyadmin4.8.3/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride all
<ifDefine APACHE24>
Require local
</ifDefine>
<ifDefine !APACHE24>
Order Deny,Allow
Deny from all
Allow from localhost ::1 127.0.0.1
</ifDefine>
# To import big file you can increase values
php_admin_value upload_max_filesize 128M
php_admin_value post_max_size 128M
php_admin_value max_execution_time 360
php_admin_value max_input_time 360
</Directory>
to this:
Alias /phpmyadmin "c:/wamp64/apps/phpmyadmin4.8.3/"
<Directory "c:/wamp64/apps/phpmyadmin4.8.3/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride all
Require all granted
# To import big file you can increase values
php_admin_value upload_max_filesize 128M
php_admin_value post_max_size 128M
php_admin_value max_execution_time 360
php_admin_value max_input_time 360
</Directory>
And finally restarting all WAMP services.
In my case, the problem was that the phpMyAdmin version was specified wrongly in the phpmyadmin.conf file. You may check that:
Go to wamp/apps/phpmyadmin3.x.x: notice the file name - what version you are currently using?
Open file wamp/alias/phpmyadmin.conf:
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Allow from all
Check the first line (directory "c:/wamp/apps/phpmyadmin3.x.x/") is the file name exactly the same as your actual file name.
Make sure the directory file name is absolutely correct.
replace localhost with 127.0.0.1 in your URL, worked for me.
I had a similar issue. My Apache configuration file looked like this:
<VirtualHost *:80>
ServerName mywebsite.com
ServerAlias www.mywebsite.com
DocumentRoot "C:/wamp64/www/vtigercrm"
<Directory "/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Here's how I fixed it:
The issue was that I specified the Directory as "/" (that is root folder on my server) instead of "C:/wamp64/www/vtigercrm/", which is where I have my website files.
I modified my configuration this way:
<VirtualHost *:80>
ServerName mywebsite.com
ServerAlias www.mywebsite.com
DocumentRoot "C:/wamp64/www/vtigercrm"
<Directory "C:/wamp64/www/vtigercrm/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
And everything worked fine.
What was going on with my setup was that WAMP was binding to an IPv6 Address (and every subsequent time I reinstalled WAMP).
To fix this, I went into c:\wamp\alias\phpmyadmin.conf and added the line Allow from ::1
The reason might be 127.0.0.1 is not linked to localhost. Check your 'C:\Windows\System32\drivers\etc\hosts' file. It should have a line like this:
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
I tried to set up my password... And that's how I got locked out from localhost. They should fix this...
Anyway, be careful with random advice. They all may or may not work. But some advice will lock you out even further. The one that worked for me:
Type "http://127.0.0.1/phpmyadmin/" in the address bar.
Then I discovered that http://localhost/phpmyadmin/ also works.
However, before that, out of desperation I had...
I deleted the files, I uninstalled WAMP, deleted temporary cookies, and installed WAMP again. It still doesn't accept "localhost" (and I am tired after a day trying to access WAMP), but the 127.0.0.1 and the localhost/phpmy... work. I am happy to see the page back. And start working again.
If you read this thread all the way to here means you are probably in a big problem... Windows 8, WAMP (wampserver 2.2). I wonder what it needs to get back access to localhost.
In my case a WAMP server was installed before on my pc, so when installing the new one some files not overwritten, all you have to do in that case is to go to the C:\ and delete the whole WAMP folder then install it again.
Check if you are logged in as root or user with privileges. Just to be sure, logout and login again with root/no-password.
If your WAMP icon is not green try:
Left Click WAMP Icon > MySQL > Services > Install Service
So all of these answers are basically the same one. They only address one idea: it has to be DNS related. Well, that is not the only part of this it turns out. After many changes, I was getting nowhere reading the next "same answer" hoping that it would just go my way.
What did the trick for me was to adjust my versions of Apache. I think what the deal was, is that the one of the configuration files get a path off or that the install due to IIS may have been messed up / or / or /etc. And so forcing a version change readdresses everything from your firewall to bad configurations.
In fact, when I switched back to Apache 2.4.2 it goes back to being a forbidden. And as soon as I go back to Apache 2.4.4 it comes back up. That rules out local network issues. I just wanted to point out that all of the answers here are the same and that I have been able to kill the forbidden by changing the Apache version.
I had the same problem. The hosts file is corrupted!
there were:
localhos 127.0.0.1
localhost 127.0.0.1
localhos 127.0.0.1
localhos 127.0.0.1
The result is that localhost is not defined.
Solution: edit the hosts file with admin rights and correct to only one entry:
127.0.0.1 localhost

how to access phpmyadmin remotely

Is it possible to access phpmyadmin from outside the network?
Where do I set it? I tried editing httpd.conf, and restarted all services from wampserver but it doesn't work
<Directory />
Options FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
Go to C:\wamp\alias and edit the file phpmyadmin
# to give access to phpmyadmin from outside
# replace the lines
#
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
#
# by
#
# Order Allow,Deny
# Allow from all
# Edit C:\wamp\alias\phpmyadmin.conf
# Below is v3.5.1 - the current version is 4.0.4.1
Alias /phpmyadmin "c:/wamp/apps/phpmyadmin3.5.1/"
# to give access to phpMyAdmin from outside
# replace the lines
#
# Require local
#
# by
#
# Require all granted
#
<Directory "c:/wamp/apps/phpmyadmin3.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
Are you on Unix or Windows? If on Unix, check the owner/permissions for the directory that phpMyAdmin is installed under - that might have something to do with it.
It looks to me as if you're trying to access a private address from a remote network. You can't. You will have to configure a webserver on your machine and use a ddns (in case you don't have a fixed public ip) service on your server. You will probably have to redirect port 80 incoming traffic on your router pointing to the webserver machine also.
Just for reference of other users who will encounter this kind of issue, I would like to remind everyone that aside from changing directories, you must also check your firewall settings.
It happened to me, I've changed everything (all config in xampp) but still cannot connect. I almost gave up and then I remembered firewall. After I changed my settings it all works fine.
Just sharing.
Did you try like this? Maybe you should add directory name in your network?
<Directory "/Documents and Settings/All Users/Documents/xampp/phpMyAdmin">
...
...
...
...
</Directory>
Put below code in file
D:\wamp\alias\phpmyadmin.conf
<Directory "D:/wamp/apps/phpmyadmin3.2.0.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Allow from all
Allow from 127.0.0.1
</Directory>